QuickVPN Windows 7 64 bit RVS4000 don't ping

Using the latest Cisco QuickVPN, my Windows 7, 64 bit laptop processes the QuickVPN connection to the point where the laptop attempts to ping the router and verify the connection. Those pings fail.

Windows firewall is ON and IPSEC is started on the laptop. I have tried Kaspersky's firewall both enabled and disabled with no change.

I see from searching the Internet and this site that there are a number of frustrated people who have had this same, or a similar, problem. Someone must have figured it out by now. Please share. I will be most grateful.

Replies

Thank you for participating in the Small Business support community. My name is Nico Muselle from Cisco Sofia SBSC.

There are a lot of things that could go wrong setting up the connection using QuickVPN, and honestly, it does not always work flawlessly because it depends on many factors, including your PC and what's installed on it, the router that is your default gateway, etc.

However, here are some things that you might try:

set the compatibility mode for QuickVPN to Windows Vista SP2 and run it as an administrator

uninstall (not just disable) Kaspersky

make sure that the PC you are connecting from is in a different subnet than the subnet behind the RVS4000

Windows Firewall and IPSec service have to be running.

Now try connecting to the RVS4000, hopefully this does the trick. I have it working in the same way on my laptop (W7 64-bit), but as said before, there are other factors that could have some influence on successfully establishing the connection.

I have a 32 bit Windows XP laptop running Kaspersky with no QuickVPN difficulties. At this time, I am not willing to use a laptop out in the wild without some firewall and antivirus protection. I have tried all else you suggested. If I must unload Kaspersky, what would you recommend for a firewall and antivirus that is compatible with QuickVPN?

QuickVPN will work in safe mode on Windows 7, and like Nico stated you need QVPN to be running in Vista SP2 mode, and the Windows Firewall needs to be on. The IPSec services need to be running under services.msc.

We have had to modify our Windows Firewalls to allow ICMP through the firewall both inbound and outbound; because Windows 7 is inherently more secure, it blocks ICMP by default from subnets other than its own.

This being said, any other services or protocols needed from the remote subnet will need to be opened on the client. This isn't based on QVPN software but the configurations of the third party firewall software. QVPN software uses 443, 60443 for the SSL, and UDP 500 for the IPSec. It also sends an ICMP ping through the tunnel to verify connectivity after the tunnel has been established. If the ping fails to report back to the QVPN client you will get the error "Remote Gateway Not Responding".

I hope this helps you configure whatever firewall you choose to use on top of the Windows built in firewall.
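The firewall change described in the reply above, as an added example that is not part of the original post: it allows ICMPv4 echo traffic only to and from the remote subnet rather than from any address, and checks the two services the replies say must be running. The rule names are made up for this example, and 10.1.12.0/24 is the RVS4000 LAN quoted elsewhere in this thread.

```powershell
# Added example: run from an elevated PowerShell prompt on the Windows 7 client.
# Assumption: $RemoteSubnet is the LAN behind the VPN router; change it to match yours.
$RemoteSubnet = '10.1.12.0/24'

# Hypothetical rule names (no spaces, so they need no extra quoting for netsh).
# ICMPv4 type 8 = echo request, type 0 = echo reply.
$rules = @(
    @{ Name = 'QuickVPN-ICMPv4-EchoRequest-Out'; Dir = 'out'; Type = 8 },
    @{ Name = 'QuickVPN-ICMPv4-EchoReply-In';    Dir = 'in';  Type = 0 },
    @{ Name = 'QuickVPN-ICMPv4-EchoRequest-In';  Dir = 'in';  Type = 8 }
)

# MpsSvc = Windows Firewall, PolicyAgent = IPsec Policy Agent.
foreach ($svc in Get-Service -Name MpsSvc, PolicyAgent) {
    if ($svc.Status -ne 'Running') {
        Write-Warning ("{0} ({1}) is {2}" -f $svc.DisplayName, $svc.Name, $svc.Status)
    }
}

foreach ($r in $rules) {
    # Remove an earlier copy first so re-running does not stack duplicate rules.
    netsh advfirewall firewall delete rule "name=$($r.Name)" | Out-Null

    # Each argument is quoted as a whole so PowerShell does not split
    # "icmpv4:8,any" at the comma before handing it to netsh.
    netsh advfirewall firewall add rule "name=$($r.Name)" "dir=$($r.Dir)" `
        action=allow "protocol=icmpv4:$($r.Type),any" "remoteip=$RemoteSubnet"
}

# Show what was created so the scope (remote IP, ICMP type) can be confirmed.
foreach ($r in $rules) {
    netsh advfirewall firewall show rule "name=$($r.Name)"
}
```

A third-party firewall installed alongside Windows Firewall keeps its own rule set and has to be configured separately.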

Thanks for the suggestions. I tried them all with no improvement including removing Kaspersky. Note that Kaspersky does not interfere with QuickVPN on the Win XP 32 bit laptop.

The fact that my 32 bit XP laptop and 32 bit Win 7 PC seem to work OK under the exact same conditions while the 64 bit Win 7 laptop fails, causes me to really wonder about the Win 7 64 bit OS. Out of the box, the 32 bit OSs seem to work while the 64 bit OS does not.

That said, I did spend some time to make certain pings (ICMP) propagate in and out of the Windows 7 64 bit laptop. Perhaps I should continue to look at the interface using wireshark or something similar.

Question, which machine initiates the pings for testing the connection, the QuickVPN or the RVS4000 firewall?

Additional suggestions would be appreciated. (Use Linux seems to be a popular, but not viable, suggestion ;-)

Please make sure that you have the latest version of QuickVPN, 1.4.2.1. Earlier versions were known to have issues with Windows 7 64-bit. Also, make sure that the router has the latest firmware.

In answer to your question, the QuickVPN software pings the router. The router usually responds but the PC blocks the ping reply because of some antivirus or firewall software. This leads to the "Remote VPN router is not responding..." error.

I have seen many customers connect with Qvpn to our Routers - have you tried running Windows 7 in Safe mode with networking and testing Qvpn? This usually shuts down certain other programs that could possibly be interfering with Qvpn software.

Attached are two logs from our RVS4000 VPN firewall router. In both cases, the client laptop is on LAN 192.168.1.0 with a gateway public WAN address of 166.147.114.20. Likewise, the RVS4000 has LAN address 10.1.12.1, netmask = 255.255.255.0, and a public WAN address of 96.254.72.61.

Both laptops are running the same version of QVPN.

Both are using the same client certificate.

The log for the Win XP laptop shows a successful connection as evidenced by the ping from 192.168.1.3 ---> 10.1.12.12

The log for the Win 7 laptop shows an unsuccessful connection. Among other things, the NAT entry for 166.147.114.20 is apparently never built.

Can anyone help with analyzing the negotiation and figuring out where it is going wrong?

I don't see an upgrade in QVPN since August 2011. Did the RVS4000 firmware recently upgrade?

Note: In our December 64 bit Windows testing, our diagnostic logs and wireshark show that the RVS4000 failed to build a NAT table to translate IP addresses between the LANs. Without NAT translation, no routing could take place between the two LANs and neither ping nor our applications worked. 32 bit Windows worked fine.

That said, what combination of Hardware and Software do you recommend for a small business where the VPN client software DOES work for 64 bit Windows clients?

None of the Cisco routers that support QVPN will NAT the inside network or remote network; it only routes the traffic with a route statement. This route statement is built automatically upon connection of the VPN tunnel. That is why the remote and local subnets need to be different. If you are having issues communicating to devices on the local network through the QVPN tunnel, the firewall on the operating system of the clients, both local and remote, might need to be modified to allow the remote subnet to communicate with the local subnet.

Windows 7 and Vista are built with far more security, and require at times the firewall to be opened up.

I would love to have this conversation in depth. My cell # is xxx-xxx-xxxx. I am traveling today so you may not reach me. Can I call you?

Everything you said makes sense to me. BUT, in our analysis, the single biggest difference we saw between a 32 bit QVPN connection and a 64 bit QVPN connection was the presence of a NAT table entry built on the RVS4000 as part of the 32 bit negotiation process.

I wish I had the time to order and investigate the software for QVPN, which I understand is in the public domain, but I don't. This is why I am interested in purchasing something more expensive which does 'work.'

In the past, our experience with low end Cisco products is that they simply don't work as well or reliably as the more expensive product. Life is like that. I just don't like to waste your and my time trying to fix something that wasn't intended to work all that well to start with.